Securing the organization’s confidential data with policies and security devices is a good method to provide a feeling of safety. But without monitoring, these methods would be useless against early detection of attacks and sophisticated security threads. Most attack attempts, approximately 80 percent, come from inside an organization’s network. Regardless of size, when one knows the network and knows how to monitor it, managing security events is easier. Monitoring one’s systems can provide the advantages of discovering policy violations and early detection of attacks. Security Monitoring covers all aspects of security log monitoring.
Security Monitoring is written by security experts from Cisco Systems. They demonstrate how to detect damaging security incidents on a global network. The book is a professional reference guide and it includes how-to guidance for security monitoring, which is especially helpful for information security professionals. Chief information security officers (CISOs) will find value in the publication as they can learn more about using logs to monitor information systems.
The book is written at an intermediate to advanced level. The authors expect readers to have a basic understanding of security concepts and some system security experience.
A reference guide, Security Monitoring
is organized into eight chapters with an index. These chapters together offer a simple, six-step process to improve network monitoring. These steps will help the reader:
- Develop policies—Define rules, regulations and monitoring criteria.
- Know one’s network—Build knowledge of the infrastructure with network telemetry.
- Select one’s targets—Define the subset of infrastructure to be monitored.
- Choose event sources—Identify event types needed to discover policy violations.
- Feed and tube—Collect data, generate alerts and tune systems using contextual information.
- Maintain dependable event sources—Prevent critical gaps in collecting and monitoring events.
The book provides brief definitions of monitoring, policy-based monitoring and implementing these monitoring policies as well as examples and real-life scenarios of security monitoring. It also includes a checklist for monitoring setup.
Security Monitoring includes much how-to information to ensure a better understanding, provides diagrams of systems and configuration structures, and gives detailed system command sets to enable generation of security logs on systems.
Security Monitoring is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail [email protected] or telephone +1.847.660.5650.
Reviewed by Tansu Gumus, CISA, CCNA
an IT auditor at Turk Ekonomi Bank A.S., Istanbul, Turkey. He has five years of experience in the IT auditing field. In his current role, Gumus is responsible for auditing the bank’s IT operations and those of its subsidiaries. He holds the COBIT® Foundation Certificate.
Enjoying this article? To read the most current ISACA® Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2010 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.